The SecPod Default Benchmark offers a pre-configured, regulatory-compliant assessment framework designed to streamline risk identification and mitigation across cloud environments. Built with industry best practices in mind, this benchmark includes standardized rules that evaluate specific resource configurations, displaying compliance results directly on the dashboard for enhanced visibility and accessibility.
Access Benchmarks from Saner Cloud Security
Step 1: Launch Saner CSPM
After you login, select Cloud Security from the landing page. Next, click the App Launcher( on top of the page) and choose CSPM(Cloud Security Posture Management).
Step 2: Access Benchmarks
Click the Benchmarks link on the top-right of the page. The Configuration details page opens. Go ahead and click the Create New Benchmark button to launch the Wizard-based UI.
Setup a Benchmark Using Wizard-based UI
With the guided User Interface, go ahead and create a custom benchmark if predefined benchmarks don’t fit all your needs.
Step 1: Specify Security Benchmark to Use and Region to Apply
In this step, select the security benchmark that you want to use from the drop-down menu.
Available options:
- CIS Amazon Web Services Foundations Benchmark v3.0.0
- SecPod Default Benchmark
- NIST SP 800-53 Rev. 5
- PCI DSS v3.2.1
- HIPAA
- SOC
Additionally, specify the cloud region for which you want to apply the benchmark to from the drop-down menu.
Note: If you do not select the region, then the benchmark applies to all regions by default.
Tabular Listing of Benchmarks
Click Next to see the Tabular listing of the Benchmarks with details on:
- ID
- Configuration
- Affected Rules
- Values
- Severity
From the tabular listing, you have an option to:
- Select Benchmarks for which you want create rules. Click Next and begin to select rules that align with security standard
- Update the Severity of Benchmarks. Click the Edit button under the Severity column and set the severity level.
Prioritize Issues based on Criticality to System Security
Severity in Benchmark rules indicate the level of risk or potential impact associated with each security configuration issue. It helps prioritize issues based on their criticality to system security. The levels shown in the image include:
- Critical: Indicates issues that pose the highest risk and require immediate attention to prevent severe security breaches.
- High: Represents significant risks that could lead to security vulnerabilities if not addressed promptly.
- Medium: Denotes moderate risks that are less urgent but still important to mitigate to maintain overall security.
- Low: Denotes risk of lesser severity and does not need immediate attention
Adjust the Benchmark Values As You Wish
In the context of Saner Cloud Security Posture Management (CSPM), the term “No Input Required” refers to automated security checks that do not require any additional configurations, manual inputs, or user intervention.
Saner CSPM automatically indicates whether a rule necessitates user input for customization or functions with default settings (“No input required”). However, users have an option to modify the entries in the “Values” column as they wish.
What Can You Interpret from Global Benchmarks?
Global benchmarks assess services and configurations that are not region-specific. For instance, AWS CloudFront is classified as a global service because it operates across multiple regions.
Saner CSPM offers guidance based on the findings from these global benchmarks by labeling these checks as “Global.” When you hover over the benchmark icon (represented as a “question mark”), it displays key insights explaining the importance of these checks and suggested actions to address any identified issues (see screenshot for an example).
Step 2: Choose Rules that Align with Security Standard
Provide a Name and Description to Your Benchmark.
If you want to specify this benchmark as a Primary one, then turn on the Primary Benchmark slider.
Choose the rules that align with the specified security standard. Click the checkbox(es) to choose one or more rules that you want to map with the security standard.
In the Assign to Other Accounts, observe the current cloud account selected by default. If you’d want to apply this benchmark for any other account, then click the appropriate checkbox(es).
Lastly, click the Create New Benchmark button.
Step 3: Complete Benchmark Creation
On completing all the steps, the system applies the selected benchmark rules to the chosen regions and resources for evaluation.
Click Next to view the list of rule IDs, descriptions, affected Rules, along with the “Values” on the Configuration page.
See Also
